Horizon Blogging Software 1.0.0!

[logixxxx]

Edge Drive (ie. Me and some other people) have released Horizon Blogging Software version 1.0! Woot. In this release it contains some new features, a brand new skinning engine, & a totally new (and sexy?) administrative control panel.  Well, I know a lot of you are DIE-HARD WordPress fans, but that's okay  All I ask is for you to try Horizon Blogging Software for a few days, if you don't like it, make a suggestion!

 

Download: SourceForge

Demo Blog: Hosted at Daybreak

Our Site: Edge Drive

 

- logix

[logixxxx]

So, nobody has anything to say about it?

[php_tom]

Seems ok.. you might fix the following:

 

If you click the calendar:

Error Message:

 

HBS couldn't find the calevents table. If you cannot fix the problem, please go to the Edge Drive Community by clicking here. Once there, be sure to include the error which is stated below.

 

Table 'scottcone-1.versionone_calevents' doesn't exist

 

And XSS if you make a comment with url:

javascript:alert('hacked!')

[logixxxx]

Awesome. I'll get the XSS fixed as soon as possible.

[Fadion]

When im clicking a user's name on the comments it is supposed to open a website, but your window.location='blah blah' isnt working. It opens a new page and is just printing that line. Im on IE 7.

[logixxxx]

That's because it isn't a "real" website address. I'll get it so it requires it to have a TLD (ex. .com/.net) at the end of it so that won't happen. Otherwise, if you typed a real website address (such as google.com) you would be able to click it. Thanks though, I'll start working on it!

[Fadion]

Instead of using javascript, u could just use html <a href="site" target="_blank">, so u dont care very much if the url is valid (anyway u need that validation). The script looks good though, but as i see things more from the perspective of a designer then coder, id say that if thats the default template, it may need some touches.

[logixxxx]

Really? Wow. We spent quite a time designing that. It's 99.9% CSS and uses around 1 image for an effect. What do you think should be tweaked? If you're interested, we do have a skinning engine that makes it easy to make a skin, if you are interested.

[teng84]

i guess the site is on its 80 percent so beta test it is not worthit

[logixxxx]

teng84, what's that suppose to mean?

[teng84]

there are lot of things to be done in your site there are lot of broken links

[logixxxx]

All the links in the "demo" blog are working for me. If you're talking about "link 2, link 3", they are just there to show that you can edit it and have your own links.

[teng84]

ooops sorry

[logixxxx]

Can anybody find any other XSS hacks?

[php_tom]

Can anybody find any other XSS hacks?

 

There's still this one:

javascript:alert('hacked!');

in the url field of a comment.

 

I would fix this by

1) disallowing single and double quotes in form fields (except maybe the comment itself)

2) filtering the word javascript from form fields

3) putting a length limit on name and url (maybe 18 chars for name, 40 chars for url)

4) testing that the url has 'http' in it

[Fadion]

Really? Wow. We spent quite a time designing that. It's 99.9% CSS and uses around 1 image for an effect. What do you think should be tweaked? If you're interested, we do have a skinning engine that makes it easy to make a skin, if you are interested.

 

Using CSS doesnt mean u dont have to use images. Right now the template is pretty basic, consisting of only 5 color variations (including text colors) and some basic shapes. Actually im not that free to create a design for u, but im sure u can find someone who'd be glad to create smth fancy.

[evillair]

From the readme.txt:

"Then, point your browser to the /install

folder to begin the installation process."

 

The install directory is empty. 

[emehrkay]

Can anybody find any other XSS hacks?

 

There's still this one:

javascript:alert('hacked!');

in the url field of a comment.

 

I would fix this by

1) disallowing single and double quotes in form fields (except maybe the comment itself)

2) filtering the word javascript from form fields

3) putting a length limit on name and url (maybe 18 chars for name, 40 chars for url)

4) testing that the url has 'http' in it

 

wouldnt running htmlentities on the field fix it?

[php_tom]

It should, or just disallow these chars (maybe others too):

" ' ; ( ) [ ] < >

and maybe the word javascript (although what if my web site is www.javascriptgod.com or something).

 

HTMLentities is probably easier.

[LiamProductions]

Error found:

 

Warning: Invalid argument supplied for foreach() in /home/u3/scottcone/itsdaybreak.com/html/admin/deleteentry.php on line 41

 

On:

http://www.itsdaybreak.com/admin/deleteentry.php

 

That happens if you don't tick one and just press Delete selected.

[Daniel0]

Well, you miss an opening <html> tag and a DOCTYPE declaration. Also, you have content after your closing </html> (the number of seconds it took to generate the page I guess (put it in an HTML comment).

[logixxxx]

I have to be the stupidest person ever. I forgot to include the installer for the v1 release. Opps! If you go to www.edgedrive.com and click download, you'll get an new download that will include the installer. Sorry about that!

[keeB]

My biggest question is this:

 

What does Horizon offer than I cannot get with something like WordPress?

[logixxxx]

Excellent question. I've been asked this before...

 

One thing is our customized .htaccess file which blocks many spiders/offline browsers from accessing your blog which will minimize spam. Second, our WYSIWYG editor is much more "advanced(? is that the right word)" than WordPress' which allows for more "customized" postings. I'm trying to think of things I haven't posted before on this subject. You'll have to excuse me, I'm really tired from Soccer this week. Tommorow I'll post some more. ;-)

 

How about this? I challenge you to download & install Horizon Blogging Software and use it (it doesn't have to be your primary blog), but just test it out. Then, you can have you're opinion on how you like it. It hopefully will be good.

[LiamProductions]

I get a error when im trying to install:

 

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, webmaster@localhost and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.